From: Joe Orton Date: Wed, 25 Mar 2020 15:13:06 +0000 (+0000) Subject: * modules/ssl/ssl_engine_vars.c (ssl_get_tls_cb): Fix leak of X509 X-Git-Tag: 2.5.0-alpha2-ci-test-only~1561 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b26b549997657b656cc67a8a0dc58c74d732275;p=thirdparty%2Fapache%2Fhttpd.git * modules/ssl/ssl_engine_vars.c (ssl_get_tls_cb): Fix leak of X509 struct when accessing SERVER_TLS_SERVER_END_POINT. PR: 64264 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1875647 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 6c04f798d3c..cabf08170f9 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -102,6 +102,9 @@ static apr_status_t ssl_get_tls_cb(apr_pool_t *p, conn_rec *c, const char *type,
 }
 else if (strcEQ(type, "SERVER_TLS_SERVER_END_POINT")) {
 x = SSL_get_certificate(sslconn->ssl);
+ /* Increase refcount so X509_free below works for both client
+ * and server cases. */
+ if (x) X509_up_ref(x);
 }
 else if (strcEQ(type, "CLIENT_TLS_SERVER_END_POINT")) {
 x = SSL_get_peer_certificate(sslconn->ssl);
@@ -130,6 +133,8 @@ static apr_status_t ssl_get_tls_cb(apr_pool_t *p, conn_rec *c, const char *type,
 preflen = sizeof(TLS_SERVER_END_POINT_PREFIX) - 1;
 prefix = TLS_SERVER_END_POINT_PREFIX;
 data = cb;
+
+ X509_free(x);
 }
 else {
 return APR_EGENERAL;
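Review bot: The result of `X509_up_ref(x)` in the SERVER_TLS_SERVER_END_POINT branch is discarded, so if the reference is not taken, the `X509_free(x)` added in the second hunk releases a reference this function never owned. That reference belongs to the server certificate the SSL object still holds, which risks a premature free. Checking the call closes this: `if (x && !X509_up_ref(x)) return APR_EGENERAL;`, written with braces if the file's style requires them. `X509_up_ref` was introduced in OpenSSL 1.1.0, so a build against an older library needs a compatibility definition in scope, and none is visible in this hunk. The enclosing function starts and ends outside the hunk.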
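Review bot: `X509_free(x)` is placed only at the end of the success path, so any early return between the certificate lookup in the first hunk and this line would still leak the reference, for the client case and now also the server case. The lines in between are not part of either hunk, so this needs checking against the full function. If such a return exists, free `x` before it or route all exits through one cleanup point. An ownership comment at the free would help the next reader, for example `/* Drop the reference held on x: up_ref'd for the server cert, returned owned by SSL_get_peer_certificate for the client cert. */`.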